Course Objectives

• This Course Objective Hasn't Been Provided Yet

Target Audience

Individuals who are looking to build a greater understanding of the impact of IT risk and how it relates to their organization.

Governance

Organizational Governance A

• · Organizational strategy, goals and objectives
• · Organizational structure, roles and responsibilities
• · Organizational culture
• · Policies and standards
• · Business processes
• ·Organizational assets

Risk Governance B

• · Enterprise risk management and risk management framework
• · Three lines of defense
• · Risk profile
• · Risk appetite and risk tolerance
• · Legal, regulatory and contractual requirements
• · Professional ethics of risk management

IT Risk Assessment

IT Risk Identification A

• · Risk events (e.g., contributing conditions, loss result)
• · Threat modeling and threat landscape
• · Vulnerability and control deficiency analysis (e.g., root cause analysis)
• · Risk scenario development

IT Risk Analysis and Evaluation B

• · Risk assessment concepts, standards and frameworks
• · Risk register
• · Risk analysis methodologies
• · Business impact analysis
• · Inherent and residual risk

Risk Response and Reporting

Risk Response A

• · Risk treatment/risk response options
• · Risk and control ownership
• · Third-party risk management
• · Issue, finding and exception management
• · Management of emerging risk

Control Design and Implementation B

• · Control types, standards and frameworks
• · Control design, selection and analysis
• · Control implementation
• · Control testing and effectiveness evaluation

Risk Monitoring and Reporting C

• · Risk treatment plans
• · Data collection, aggregation, analysis and validation
• · Risk and control monitoring techniques
• · Risk and control reporting techniques (heatmap, scorecards and dashboards)
• · Key performance indicators
• · Key risk indicators (KRIs)
• · Key control indicators (KCIs)

Information Technology and Security

Information Technology Principles A

• · Enterprise architecture
• · IT operations management (e.g., change management, IT assets, problems and incidents)
• · Project management
• · Disaster recovery management (DRM)
• · Data lifecycle management
• · System development life cycle (SDLC)
• · Emerging technologies

Information Security Principles B

• · Information security concepts, frameworks and standards
• · Information security awareness training
• · Business continuity management
• · Data privacy and data protection principles
   

This course hasn't been scheduled yet, however you can request for In-House training